Updated: 01 April 2024

1. Introduction

1.1 This Privacy Policy applies when you contact us and / or when there is a Contract (Subscription or Maintenance & Support Plan and/or Services Contract) between Flo-culture Ltd ("Flo-culture," "we," "us") and the person or entity using our Services ("customer," "you," "your"). This policy governs how we use the information you provide us when you get in touch, sign up and use our services.

1.2 We are committed to protecting your privacy and will only use the information that we collect about you lawfully.

2. Definitions

2.1 Before you read the remainder of our Privacy Policy, we would like to clarify four concepts that are important for the full understanding of this statement. These four concepts are: the 'privacy statement', the 'data subject', the 'personal data', and 'processing'.

2.2.1 The 'privacy policy’ informs, among other things, what personal data is collected, for what purpose, what is done with it, how long this takes place and what rights the data subject has regarding this process.

2.2.2 The privacy statement is addressed to the person whose personal data will be processed. That person is called the ‘data subject’.

2.2.3 ‘Personal data’ is a very broad concept. It concerns information and data about an identified or identifiable person. This means that the information is directly about a person or can be traced back to a person. For example, someone’s name, address, telephone number, email address, or IP-address.

2.3.4 Every action that can be done with personal data is indicated by the word 'process'. This includes collecting, organizing, storing, updating, modifying, retrieving, using, distributing, combining, blocking, erasing, and destroying the data, and any other action concerning the processing of personal data.

3. Our compliance statement

3.1. We will process all personal data fairly and lawfully.

3.2 We will only process personal data for specified and lawful purposes.

3.3 We will endeavour to hold relevant and accurate personal data, and where practical, we will keep it up to date.

3.4 We will not keep personal data for longer than is necessary.

3.5 We will keep all personal data secure.

3.6 We will endeavour to ensure that personal data is not transferred to countries outside of the European Economic Area (EEAA) without adequate protection.

4. Data controller contact information

4.1 Full name of Company: Flo-culture Ltd, a company registered in England and Wales with Company number 10397623.

4.2 Registered address: Flo-culture, Church Hall, 53 Front Street, East Boldon, NE36 0SD.

4.3 Contact address: Contact Us - Flo-culture

You can contact the controller with your questions and concerns regarding the procedure and handling of your personal data by us. You can also contact the controller in case you want to exercise any of your rights regarding the personal data processed by us.

5. Description of the personal information we collect

5.1 Organisations that express an interest in our services:

We collect personal data about your staff, directors or trustees for a number of reasons, including communicating with you, responding to requests for information.

The personal data we collect can include:

  • Name
  • Contact details
  • Records of your communication with us

5.2 Organisations that buy from us (services and subscriptions)

In addition to that personal data collected above we may also collect further information about directors/trustees to process a merchant account application with a selected payment provider.

The personal data we collect can include:

  • Name
  • Contact details
  • Records of your communication with us
  • Date of birth
  • Private address
  • Copies of identity documents

5.3 Note on payment

We do not see, collect or store any sensitive payment data whatsoever when processing a card transaction.

The data which is required to perform a card transaction will be captured, but all data is encrypted at source,
and therefore not visible to us.

We may record an anonymised payment token that lets us know if you are a repeat user.

We may use this to streamline the process when you use the service in future.

6. How we use the information you provide

6.1 We will process your data for the following reasons:

  • To provide our services
  • To supply you with communications you have requested about our products or services
  • To provide customer support
  • To keep a record of your relationship with us
  • To manage your communication preferences
  • To monitor and mitigate fraudulent and illegal activities
  • To comply with applicable laws and regulations, and requests from statutory agencies

6.2 For individuals that are making a payment:

  • We will process your data for the following reasons:
  • To ensure that the payment is received by the relevant organisation and to provide our services to our customers
  • To monitor and mitigate fraudulent and illegal activities

7. Cookies policy

7.1 When someone visits our Website and/or any of our Service Platforms, we use Google Analytics, a web analytics service, to collect standard Internet log information and details of visitor behaviour patterns.

7.2 We do this to find out things such as the number of visitors to the various parts of the Website/ or Service Platforms. This information is only processed in a way, which does not identify anyone.

7.3 We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our Website/or Service Platforms.

7.4 If we do want to collect personally identifiable information through our Website/or Service Platforms, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

8. Our legal basis for processing personal data

8.1 We need a lawful basis to collect and use your personal data under data protection law. The law allows for six ways to process personal data (and additional ways for sensitive personal data). Four of these are relevant to the types of processing that GWD carries out.

This includes information that is processed on the basis of:

  • A person’s consent (for example to send you direct marketing by e-mail and for our website visitors)
  • Processing necessary for the performance of a contract with you (for our customers)
  • Processing that is necessary for compliance with a legal obligation

9. Our legitimate interests

9.1 Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as that interest is not overridden by the privacy rights of the individual whose data is being used. If you would like to change our use of your personal data, please get in touch with us using the details in the “How to contact us” section below.

10. Sharing information

10.1 We do not share, sell or rent your information to third parties for marketing purposes.

10.2 We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law or unless we have consent from you.

10.3 We may allow our staff, consultants and/or external providers acting on our behalf to access and use your information for the purposes for which you have provided to us (e.g. to analyse data or to process payments).

10.4 We make sure your information is treated with the same level of care as if we were handling it directly.

10.5 There may service delivery circumstances when we share your personal data with third parties. Only relevant personal data is shared. In addition, personal data is only shared if this is required on the basis of one or more of the legal grounds mentioned above.

11. Employees with access to your personal data

11.1 Employees of Flo-culture who have access to personal data of data subjects, are not allowed to use this data for personal purposes. This includes all actions concerning the personal data of data subjects for personal purposes.

12. Personal data security

12.1 We ensure that there are appropriate physical, technical and managerial controls in place to protect your personal details.

12.2 All information you provide to us is stored on our secure servers.

12.3 Any payment transactions will be encrypted.

12.4 Where we have given you (or where you have chosen) a password, which enables you to access certain our services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

12.5 Please note, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website and/or Service Platforms; any transmission is at your own risk.

12.6 Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. See Terms and Conditions of our Platform Plans and Service Contracts for further information about how we keep you information secure.

13. Duration of personal data storage

13.1 We will keep your personal data for no longer than is necessary for the purposes for which it is processed, in accordance with our policies or applicable regulation.

14. Your rights

14.1 Every data subject has rights under UK GDPR to guarantee a correct privacy policy. If you want to exercise one or more of these rights, you can contact the controller (see the paragraph on “contact information” listed above). In case you seek contact with the controller, the controller is obliged to provide you with a reply within one month. There will be no charge made for a data subject’s request for information or action under these rights.

14.1.1 The right to be informed - Every data subject has the right to be provided with clear and concise information about what is done with their personal data.

14.1.2 Right of access by the data subject - Every data subject has the right to access and receive a copy of personal data that this app has processed from you.

14.1.3 Right of rectification - Every data subject has the right to rectify inaccurate personal data that the app has processed about you if this data turns out to be incorrect or incomplete. We will respond to such requests within one month. We will notify any third parties with whom we have processed user data of the data subjects exercise of this right.

14.1.4 Right of erasure (the right to be forgotten) - Every data subject has the right to request that the data subject’s personal data be deleted from our possession. We are obliged to delete this data upon your request and within one month. We will notify any third parties with whom we have processed user data of the data subjects exercise of this right.

14.1.5 Right to object - Every data subject has the right to object to the processing of the subject personal data. You must state what your specific reasons are for making an objection. If you object to direct marketing, direct marketing will immediately be discontinued.

14.1.6 Right to restrict - Every data subject has the right to restrict this app from processing your personal data if, for example, the data subject believes the information is not accurate and is verifying its accuracy. We will notify any third parties with whom we have processed user data of the data subjects exercise of this right.

14.1.7 Right of portability - Every data subject has the right to receive personal data that we have processed from the data subject in a readable form.

14.2 If you are unhappy with the way we handled your personal data, please contact us using the details below. You are also entitled to make a complaint to the Information Commissioner’s Office at https://ico.org.uk/

15. Governing Law

15.1 This Policy and any dispute or claim arising out of it or in connection with it or its subject matter shall be governed by and construed in accordance with the laws of England and Wales and the parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this policy or its subject matter.

16. Privacy policy updates

16.1 This privacy statement has been compiled with care. We keep a close eye on developments in the field of privacy law and may periodically update this privacy policy to comply with changes.

16.2 At the top of this document, we will always place the date on which the document was last edited so that you can see at a glance if this has been updated since your last visit.

17 How to contact us

17.1 Please email Stewart Pearson, Director & Operations Lead  or Contact us to get in touch.